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DETAILED ACTION 

Claims 1-20 are pending. 

5 Objections - Specification 

The disclosure is objected to because of the following informalities: 
Applicant's 'Background of the Invention' cites US Patent Application "METHOD 
AND APPARATUS FOR PROVIDING ADAPTIVE SELF-SYNCHRONIZED 
DYNAMIC ADDRESS TRANSLATION" but fails to provide the U.S. Patent 
10 Application Serial Number (09/927671). Applicant's 'Background of the 

Invention" also cites US Patent Application "SLIDING SCALE ADAPTIVE SELF- 
SYNCHRONIZED DYNAMIC ADDRESS TRANSLATION" but fails to provide the 
U.S. Patent Application Serial Number (09/927979). Appropriate correction is 
required. 

15 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 

U.S.C. 102 that form the basis for the rejections under this section made in this 

20 Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in 
public use or on sale in this country, more than one year prior to the date of application for patent in 
the United States. 

25 
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Claims 1-20 are rejected under 35 U.S.C. 102(b) as being anticipated by 
Kraemer et al. (U.S. Patent No. 5,798,706). 

As per Claim 1 , Kraemer et al. discloses an apparatus for detecting 
5 adversarial activity on a network, comprising: 

a memory adapted to store a host table (see col. 3 lines 46-60); 

a key exchanger adapted to derive a cipher key (see page 2 of WIPO 
Publication No. 97/26734 -- incorporated by Kraemer et al. in col. 3 lines 40-45, 
reference "VPN"); 

10 a translator adapted to translate predetermined portions of packet header 

information of a data packet according to a cipher algorithm keyed by the cipher 
key (see page 2 of WIPO Publication No. 97/26734 - incorporated by Kraemer et 
al. in col. 3 lines 40-45, reference "VPN"), wherein the predetermined portions 
include an address (see col.4 lines 33-46); 

15 a mapping device adapted to map the address to the host table (see col. 3 

line 60 thru col.4 line 2); and 

an actuator adapted to trigger a security device when the address does 
not match an entry in the host table (see col.4 lines 3-5 and 20-32). 

20 As per Claim 2, Kraemer et al. discloses an apparatus as set forth in 

Claim 1 , wherein the security device is a logging device adapted to log the data 
packet (see col.4 lines 3-5 and 26-31). 
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As per Claim 3, Kraemer et al. discloses an apparatus as set forth in 
Claim 1 , wherein the security device is adapted to signal an alarm when triggered 
(see col.2 lines 27-31 and col.4 lines 20-25). 

5 As per Claim 4, Kraemer et al. discloses an apparatus as set forth in 

Claim 1 , further comprising: 

a host resolution device adapted to derive the host table using an address 
resolution protocol (see col.4 lines 48-52). 



10 As per Claim 5, Kraemer et al. discloses an apparatus as set forth in 

Claim 1 , further comprising: 

a network device adapted to place the data packet onto a network when 
the address maps to the host table (col.1 line 66 through col.2 line 9 and col.2 
lines 27-31). 

15 

As per Claim 6, Kraemer et al. discloses a method for detecting 
adversarial activity on network, comprising: 

storing a host table (see col. 3 lines 46-60); 

deriving a cipher key (see page 2 of WIPO Publication No. 97/26734 - 
20 incorporated by Kraemer et al. in col. 3 lines 40-45, reference "VPN"); 

translating predetermined portions of packet header information of a data 
packet according to a cipher algorithm keyed by the cipher key (see page 2 of 
WIPO Publication No. 97/26734 - incorporated by Kraemer et al. in col. 3 lines 
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40-45, reference "VPN"), wherein the predetermined portions include an address 
(see col.4 lines 33-46); 

mapping the address the host table (see col. 3 line 60 thru col.4 line 2); 

and 

triggering a security device when the address does not match an entry in 
the host table (see col.4 lines 3-5 and 20-32). 

As per Claim 7, Kraemer et al. discloses a method as set forth in Claim 6, 
further comprising: 

logging the data packet when the address does not match an entry in the 
host table (see col.4 lines 3-5 and 26-31). 

As per Claim 8, Kraemer et al. discloses a method as set forth in Claim 6, 
further comprising: 

signaling an alarm when the security device is triggered (see col. 2 lines 
27-31 and col.4 lines 20-25). 

As per Claim 9, Kraemer et al. discloses a method as set forth in Claim 6, 
further comprising: 

deriving the host table using an address resolution protocol (see col.4 
lines 48-52). 
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As per Claim 10, Kraemer et al. discloses a method as set forth in Claim 
6, further comprising: 

placing the data packet onto a network when the address maps to the host 
table (see col.4 lines 3-5 and 26-31). 

5 

As per Claim 1 1 , Kraemer et al. discloses a device for detecting 
adversarial activity on a network, comprising: 

means for storing a host table (see col. 3 lines 46-60); 

means for deriving a cipher key (see page 2 of WIPO Publication No. 
10 97/26734 incorporated by Kraemer et al. in col.3 lines 40-45, reference "VPN"); 

means for translating predetermined portions of header information of a 
data packet according to a packet cipher algorithm keyed by the cipher key (see 
page 2 of WIPO Publication No. 97/26734 - incorporated by Kraemer et al. in 
col.3 lines 40-45, reference "VPN"), wherein the predetermined portions include 
15 an address (see col.4 lines 33-46); 

means for mapping the address to the host table (see col.3 line 60 thru 
col.4 line 2); and 

means for triggering a security device when the address does not match 
an entry in the host table (see col.4 lines 3-5 and 20-32). 

20 

As per Claim 12, Kraemer et al. discloses a device as set forth in Claim 
11, further comprising: 
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means for logging the data packet when the address does not match an 
entry in the host table (see col.4 lines 3-5 and 26-31). 

As per Claim 13, Kraemer et al. discloses a device as set forth in Claim 
5 11, further comprising: 

means for signaling an alarm when the security device is triggered (see 
col.2 lines 27-31 and col.4 lines 20-25). 

As per Claim 14, Kraemer et al. discloses a device as set forth in Claim 
10 11, further comprising: 

means for deriving the host table using an address resolution protocol 
(see col.4 lines 48-52). 

As per Claim 15, Kraemer et al. discloses a device as set forth in Claim 
15 11, further comprising: 

means for placing the data packet network when the address maps to the 
host table (see col.4 lines 3-5 and 26-31). 

As per Claim 16, Kramer et al. discloses a bastion host adapted for 
20 processing packet header information of a data packet, the bastion host being 
operable to: 

store a host table (see col. 3 lines 46-60); 
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derive a cipher key (see page 2 of WIPO Publication No. 97/26734 - 
incorporated by Kraemer et al. in col. 3 lines 40-45, reference "VPN"); 

translate predetermined portions of packet header information of a data 
packet according to a cipher algorithm keyed by the cipher key (see page 2 of 
5 WIPO Publication No. 97/26734 - incorporated by Kraemer et al. in col. 3 lines 
40-45, reference'VPN"), wherein the predetermined portions include an address 
(see col.4 lines 33-46); 

map the address to the host table (see col. 3 line 60 thru col.4 line 2); and 

trigger a security device when the address does not match an entry in the 
10 host table (see col.4 lines 3-5 and 20-32). 



As per Claim 17, Kraemer et al. discloses the bastion host as set forth in 
Claim 16, the bastion host being further operable to log the data packet when the 
address does not match an entry in the host table (see col.4 lines 3-5 and 26-31). 

15 

As per Claim 18, Kraemer et al. discloses the bastion host as set forth in 
Claim 16, the bastion host being further operable to signal an alarm when the 
security device is triggered (see col. 2 lines 27-31 and col.4 lines 20-25). 



20 



As per Claim 19, Kraemer et al. discloses the bastion host as set forth in 
Claim 16, the bastion host being further operable to deriving the host table using 
an address resolution protocol (see col.4 lines 48-52). 
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As per Claim 20, Kraemer et al. discloses the bastion host as set forth in 
Claim 16, the bastion host being further operable to place the data packet onto a 
network when the address maps to the host table (see col.4 lines 3-5 and 26- 
31). 

Claims 1-3, 5-8, 10-13, 15-18, and 20 are rejected under 35 U.S.C. 102(b) 
as being anticipated by Deng et al. (U.S. Patent No. 6,701,432 B1). 



As per Claim 1 , Deng et al. discloses an apparatus for detecting 
10 adversarial activity on a network, comprising: 

a memory adapted to store a host table (see col. 5 line 61 thru col.6 line 23 
and col.9 lines 1-20); 

a key exchanger adapted to derive a cipher key (see col. 10 lines 13-51); 
a translator adapted to translate predetermined portions of packet header 
1 5 information of a data packet according to a cipher algorithm keyed by the cipher 
key, wherein the predetermined portions include an address (see col. 10 lines 13- 
51); 

a mapping device adapted to map the address to the host table (see col.6 
lines 16-48 and col. 7 lines 1-5); and 
20 an actuator adapted to trigger a security device when the address does 

not match an entry in the host table (see col.9 lines 45-49). 
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As per Claim 2, Deng et al. discloses an apparatus as set forth in Claim 1 , 
wherein the security device is a logging device adapted to log the data packet 
(see col. 9 lines 45-49). 



5 As per Claim 3, Deng et al. discloses an apparatus as set forth in Claim 1 , 

wherein the security device is adapted to signal an alarm when triggered (see 
col.9 lines 45-49). 



As per Claim 5, Deng et al. discloses an apparatus as set forth in Claim 1 , 
1 0 further comprising: 

a network device adapted to place the data packet onto a network when 
the address maps to the host table (col.9 lines 50-57). 



As per Claim 6, Deng et al. discloses a method for detecting adversarial 
15 activity on network, comprising: 

storing a host table (see col. 5 line 61 thru col.6 line 23 and col.9 lines 1- 

20); 

deriving a cipher key (see col. 10 lines 13-51); 

translating predetermined portions of packet header information of a data 
20 packet according to a cipher algorithm keyed by the cipher key, wherein the 
predetermined portions include an address (see col. 10 lines 13-51); 

mapping the address the host table (see col.6 lines 16-48 and col.7 lines 
1-5); and 
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triggering a security device when the address does not match an entry in 
the host table (see col. 9 lines 45-49). 

As per Claim 7, Deng et al. discloses a method as set forth in Claim 6, 
5 further comprising: 

logging the data packet when the address does not match an entry in the 
host table (see col. 9 lines 45-49). 

As per Claim 8, Deng et al. discloses a method as set forth in Claim 6, 
1 0 further comprising: 

signaling an alarm when the security device is triggered (see col. 9 lines 
45-49). 

As per Claim 10, Deng et al. discloses a method as set forth in Claim 6, 
15 further comprising: 

placing the data packet onto a network when the address maps to the host 
table (col.9 lines 50-57). 

As per Claim 1 1 , Deng et al. discloses a device for detecting adversarial 
20 activity on a network, comprising: 

means for storing a host table (see col. 5 line 61 thru col.6 line 23 and col.9 
lines 1-20); 

means for deriving a cipher key (see col. 10 lines 13-51); 
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means for translating predetermined portions of header information of a 
data packet according to a packet cipher algorithm keyed by the cipher key, 
wherein the predetermined portions include an address (see col. 10 lines 13-51); 

means for mapping the address to the host table (see col. 6 lines 16-48 
5 and col.7 lines 1-5); and 

means for triggering a security device when the address does not match 
an entry in the host table (see col. 9 lines 45-49). 

As per Claim 12, Deng et al. discloses a device as set forth in Claim 1 1 , 
10 further comprising: 

means for logging the data packet when the address does not match an 
entry in the host table (see col. 9 lines 45-49). 

As per Claim 13, Deng et al. discloses a device as set forth in Claim 1 1 , 
15 further comprising: 

means for signaling an alarm when the security device is triggered (see 
col. 9 lines 45-49). 

As per Claim 1 5, Deng et al. discloses a device as set forth in Claim 1 1 , 
20 further comprising: 

means for placing the data packet network when the address maps to the 
host table (col. 9 lines 50-57). 
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As per Claim 16, Deng et al. discloses a bastion host adapted for 
processing packet header information of a data packet, the bastion host being 
operable to: 

store a host table (see col. 5 line 61 thru col. 6 line 23 and col.9 lines 1-20); 
5 derive a cipher key (see col. 10 lines 13-51); 

translate predetermined portions of packet header information of a data 
packet according to a cipher algorithm keyed by the cipher key, wherein the 
predetermined portions include an address portions include an address (see 
col. 10 lines 13-51); 

10 map the address to the host table (see col. 6 lines 16-48 and col.7 lines 1- 

5); and 

trigger a security device when the address does not match an entry in the 
host table (see col.9 lines 45-49). 

15 As per Claim 17, Deng et al. discloses the bastion host as set forth in 

Claim 16, the bastion host being further operable to log the data packet when the 
address does not match an entry in the host table (see col.9 lines 45-49). 



20 



As per Claim 18, Deng et al. discloses the bastion host as set forth in 
Claim 16, the bastion host being further operable to signal an alarm when the 
security device is triggered (see col.9 lines 45-49). 
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As per Claim 20, Deng et al. discloses the bastion host as set forth in 
Claim 16, the bastion host being further operable to place the data packet onto a 
network when the address maps to the host table (col. 9 lines 50-57). 

5 Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
10 as set forth in section 1 02 of this title, if the differences between the subject matter sought to 

be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

15 

Claims 4, 9, 14, and 19 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Deng as applied to claims 1,6, 11, and 16 above, and further 
in view of Kraemer et al. (U.S. Patent No. 5,798,706). 

20 

As per Claim 4, Deng et al. discloses an apparatus as set forth in Claim 1 , 
but fails to disclose a host resolution device adapted to derive the host table 
using an address resolution protocol. 

Kraemer et al. discloses a host resolution device adapted to derive the 
25 host table using an address resolution protocol (see col.4 lines 48-52). 

It would have been obvious to a person of average skill in the area at the 
time of the invention to include within Deng's apparatus for detecting adversarial 
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activity on a network Kraemer's ARP derived host table in order that an 
administrator without knowledge of the hardware addresses of the devices 
connected to the network, need not be burdened with entering by hand the MAC 
addresses of each device. 

5 

As per Claim 9, Deng et al. discloses a method as set forth in Claim 6, but 
fails to disclose deriving the host table using an address resolution protocol. 

Kraemer et al. discloses deriving the host table using an address 
resolution protocol (see col.4 lines 48-52). 

10 It would have been obvious to a person of average skill in the area at the 

time of the invention to include within Deng's apparatus for detecting adversarial 
activity on a network Kraemer's ARP derived host table in order that an 
administrator without knowledge of the hardware addresses of the devices 
connected to the network, need not be burdened with entering by hand the MAC 

1 5 addresses of each device. 

As per Claim 14, Deng et al. discloses a device as set forth in Claim 1 1 , 
but fails to disclose means for deriving the host table using an address resolution 
protocol. 

20 Kraemer et al. discloses deriving the host table using an address 

resolution protocol (see col.4 lines 48-52). 

It would have been obvious to a person of average skill in the area at the 
time of the invention to include within Deng's apparatus for detecting adversarial 
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activity on a network Kraemer's ARP derived host table in order that an 
administrator without knowledge of the hardware addresses of the devices 
connected to the network, need not be burdened with entering by hand the MAC 
addresses of each device. 

5 . 

As per Claim 19, Deng et al. discloses the bastion host as set forth in 
Claim 16, but fails to disclose the bastion host being further operable to deriving 
the host table using an address resolution protocol (). 

Kraemer et al. discloses the bastion host being further operable to deriving 
10 the host table using an address resolution protocol (see col.4 lines 48-52). 

It would have been obvious to a person of average skill in the area at the 
time of the invention to include within Deng's apparatus for detecting adversarial 
activity on a network Kraemer's ARP derived host table in order that an 
administrator without knowledge of the hardware addresses of the devices 
15 connected to the network, need not be burdened with entering by hand the MAC 
addresses of each device. 



Conclusion 

20 Any inquiry concerning this communication or earlier communications from 

the examiner should be directed to Tamara Teslovich whose telephone number 
is (571) 272-4241. The examiner can normally be reached on Mon-Fri 8-4:30. 
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If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Andrew Caldwell can be reached on (571) 272-3868. The 
fax phone number for the organization where this application or proceeding is 
assigned is 703-872-9306. 
5 Information regarding the status of an application may be obtained from 

the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair- 
10 direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). 





15 
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